Introduction

Rebalancing relocates data from heavily loaded members to lightly loaded members. Currently Geode only supports manual rebalancing by issuing a gfsh command or a java function call. In most cases, the decision to rebalance is based on the data distribution in the cluster and max memory configuration of the members. As Geode monitors the data size, it can also automatically trigger rebalancing. Auto-balancing will redistribute data-load periodically and prevent conditions leading to failures.

Requirements

Configurable size threshold to qualify system as off-balanced

Minimize the impact on concurrent operations caused by continuous rebalancing

Alternatives

The user can schedule a cron job to invoke the gfsh rebalance command on a periodic basis.

Background

A member is unhealthy, if its heap is critical. Ideally a user would want to redistribute load on a unhealthy member to other members iff the members have sufficient capacity (i.e. totalBytes + newBucketSize << localMaxMemory). In some cases this can cause entire cluster to fail. Redistribution of load may cause healthy members to become unhealthy. Rebalancing can also increases IO activity significantly. So it may be safer to manually rebalance the cluster if any node is unhealthy.

Current implementation of rebalance operation can be used to estimate transfer-size, before actually executing transfer size. Transfer size is the total number of bytes that may be moved during a rebalance operation. It is mainly based on the total number of buckets below redundancy level and load on individual nodes. It will be inefficient if rebalance is executed if transfer-size is too small. Moreover rebalancing when transfer size is high may overload the system.

New capacity of a cluster can be increased by adding new nodes. A user can specify rebalance flag after the last node is added. This way frequent rebalance can be avoided.

Based on the points discussed above, we plan to use transfer-size metric as the primary decision factor for triggering rebalance. Presence of empty node will be ignored assuming user may be adding more capacity. Similarly critical nodes will be ignored assuming such nodes need specific region based rebalance actions.

How is load defined?

Load on a member is a function of

Total number of buckets hosted on the member

Number of primary buckets on the member

Number of secondary buckets on the member

Size of the buckets

Maximum memory

When is a cluster off-balance?

[Auto-balance candidate] if transfer-size is more than X% of the total data size, rebalance can result in a consistent data distribution and create comparable free space on all nodes

[Auto-balance candidate] if the cluster is not running at configured redundancy levels

[prefer manual rebalance] or any unhealthy node exists in the cluster.

Use Cases

After node failure and recovery, gfsh command "rebalance -simulate" reports a high transfer-size. In this case, the nodes may have comparable utilization, but a rebalance would result in a uniform region data distribution. So action would be taken

Over time, some buckets may grow much larger than other buckets in the region. Or some regions may grow more than others. Rebalance would get triggered, resulting in a uniform distribution

Design

We would like to implement this as an independent module without modifying existing code, so that it can be easily applied to any version of the system. To enable auto-balancing, the user will place the auto-balance jar on their classpath and add an initializer to their cache.xml. The initializer will provide the following configuration

Schedule - cron string: In order to minimize the impact on concurrent operations, we feel it’s important to provide the user with the ability to configure the frequency and timing of automatic rebalancing. Bucket movement does add load to the system and in our performance tests we can see that the throughput of concurrent operations drops during bucket movement. A user is expected to configure off-peak hours for rebalancing. So a schedule based on cron like configuration is useful.

Size-threshold-percent - int between 1 and 99:Rebalancing will be triggered if the transfer-sizeis more than this threshold. This threshold is the percentage of the total data size. Rebalance operation computes transfer size based on relationship between regions, primary ownership and redundancy.

Minimum cluster: Rebalancing could be harmful when the cache is initially being populated, because bucket sizes may vary wildly when there is very little data. Because of that, we will also provide a threshold before automatic rebalancing will kick in.

We only want one member to be automatically rebalancing a given region. So each member that starts auto rebalancing will try to get a distributed lock. If the member obtains the lock it will do the auto rebalancing until rebalance completes. Otherwise it continue to wait for the next cycle and repeat.

At the scheduled interval the auto-balancer will check the balance of the system. It will do that by calling PartitionRegionHelper.getPartitionRegionInfo and fetching the size of all of the regions in bytes from all members. It will sum the colocated regions together (like rebalancing does).

Note that this means there is a limitation that members configured with the auto rebalancer have all of the regions defined, because otherwise some regions may not be rebalanced.

Testing

We will need to add auto rebalancing to some existing tests and give it a schedule that will cause it to run during the test. We will also need to write unit tests for the rebalancing triggering and scheduling logic.

Limitations

Initializer: Geode has provision for a single initializer instance. Spring integration also depends on Initializer. So initializer based approach could block user from using some features. Initializer initializer based approach seems ok for POC. Also some parts of the code will be reusable, scheduler, locking and trigger logic.

For now start with a separate module (like gemfire-web) for rebalancer. We will consolidate smaller modules into a bigger one later if it gets too cluttered.

Quartz seems to be an overkill for just cron string parsing. Since rebalance is an expensive operation, we expect uses to schedule it off-peak hours. This is where cron based schedule is very useful. We are not exposing cron api externally and may replace it with a lighter implementation for cron parsing.

Only regions that are defined on the auto rebalancer node will be rebalanced. Users can add accessors if there is a region they want to make sure gets rebalanced but is not available everywhere.

Rebalancing always recovers redundancy, moves buckets, and moves primaries. This means that when the rebalancer kicks in, redundancy will be recovered, regardless of the settings for recovery-delay.

There is no way to disable or modify the automatic rebalancing without restarting members, since the configuration is part of the member configuration.